Current page is: Advisories/News

C&C Security News

Microsoft has released an updated Outlook mobile app for Apple iOS and Android devices. Even though Microsoft claims credentials and e-mail content are securely protected and encrypted, this new connection model raises security and privacy concerns.

Microsoft has released a Security Advisory about an exploit that makes MS Word and MS Outlook vulnerable to attackers via opening up an RTF attachment or email message. A "Fix It" tool and workaround is available, as well as more information.

With the objective of enhancing the security of UC's information technology environment, the UC Office of the President recently released an Information Security Awareness course. This course is designed to promote practices that will help prevent security breaches involving academic and administrative systems, including personal computing devices.

The announcements of security breaches involving social security numbers and other personal, private information occur all too often across the country and within the UC system itself. Therefore, C&C wishes to remind the campus community of some best practices for information technology security, privacy, and confidentiality.

This is a great time to think about whether your electronic devices are secure, and if they're not, what you should do about it! Computing & Communications maintains a focus on security year-round, and offers a number of resources to enhance security and awareness of security best practices on campus.

Unknown and unauthorized individuals are calling UC personnel and impersonating "network and academic computing" staff. These individuals ask faculty and staff for their usernames and passwords in order to "fix" issues with their campus accounts. Please do not respond to these requests for private information.

Recently a number of warnings have been issued in various computer security publications regarding Adobe Acrobat Reader and potential vulnerabilities it introduces to PC workstations. However, many of the issues can be mitigated by careful user habits.

During the past several months, there has been a rise in the number of e-mail scams making their way across the Internet. Some of these messages are crafted to look as though they come from official UCR groups, and these emails ask campus users to provide their Social Security Numbers, usernames, passwords, birth dates...

There have been a large number of fraudulent emails sent to all faculty, staff and students. These emails are crafted to appear as though they are coming from a bona fide UCR department. These emails ask for your username and password to keep your account current or some similar story to gain your confidence.
Please remember that if a web site does not end in .UCR.EDU, it is not a campus site, no matter how trustworthy it might appear.

In a recent Highlander article, this issue of Internet "phishing" was discussed. Phishing is any attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Normally, Internet phishing is associated with e-mail. However, UCR recently discovered a fraudulent web site designed to look exactly like the GROWL login page.
Please remember that if a web site does not end in .UCR.EDU, it is not a campus site, no matter how trustworthy it might appear.